<?php
include("../includes/global-settings.php5");

mysql_connect ($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();

$username = mysql_real_escape_string(strip_tags($_POST["username1"]));
$password = mysql_real_escape_string(strip_tags(sha1($_POST["password1"])));

$query 	  = "SELECT Username, Password, FirstName, LastName, UserID FROM users WHERE username='$username' AND password='$password'";
$result   = mysql_query($query);
$count    = mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count == 1) {
while($row = mysql_fetch_array($result)) {
	$userid    = $row['UserID'];
	$firstname = $row['FirstName'];
	$lastname  = $row['LastName'];
	$_SESSION['firstname'] = $firstname;
	$_SESSION['lastname']  = $lastname;
	$_SESSION['userid']    = $userid;
	$_SESSION['username']  = $username;
	$_SESSION['password']  = $password;
}
header("location: ../protected/home.php");
} else {
header("Location: ../index.php");
}
?>